BLACKCSI Shares 3 Best Practices for Thwarting Phishing Attacks

“The overwhelming majority of security breaches caused by phishing are completely avoidable,” stated Ruthann Black, President of BlackCSI. “While cybercriminals have grown more sophisticated in their approach, the average attack consists of the same key ingredients: an undereducated employee, effective bait and a temporary lapse in judgment. While we are in the business of securing an organization’s entire network and protecting them from any threats whatsoever, there are some initial steps that will safeguard a company without costing much time, energy or capital expenditure. These measures we’d like to share are extremely easy to implement and are excellent first steps in protecting a company from cybercrime.”

The first sign to look for is the sender’s name in the “From” field of the email. Cybercriminals often use misspelled email addresses, such as , for example, in order to deceive the receiver into thinking that the email is coming from a reputable company. At a quick glance, many recipients won’t recognize the typo in the address field and they’ll open the email which opens them up to the bait.

The next step for employees is to hover their mouse over links, instead of clicking them without thinking about it. Lots of hackers use very long links or they hope that the recipient will just click on the link right away instead of previewing the destination by hovering above and making sure that the domains match where they expect to be directed. If the preview link looks suspicious, that’s probably because it isn’t a legitimate offer. We recommend deleting these types of emails.

The final step for employees is to look in the footer. One of the current laws around email marketing requires senders to leave a physical address within the footer of the email. This is often left-out by cybercriminals and is a very easy way to tell if the email is a phishing attempt. Furthermore, there should also be an “Unsubscribe” button at the bottom of the email, which is another step that most hackers ignore.

By simply addressing these three initial steps, SMBs can avoid the vast majority of cyberattacks coming at their business. They are some of the simplest, yet most effective ways at minimizing risk within an organization. “If all organizations were even this educated about cyberattacks, we would see a dramatic drop in incidents,” concluded Black.

There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs....